Upgrade from S3 to a Samba4 DC [with LDAPSAM] [NOTE!]
Adam Tauno Williams
awilliam at whitemice.org
Mon Sep 12 08:38:08 MDT 2011
Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>> On Fri, 2011-09-09 at 14:27 +0200, Tarjei Huse wrote:
>>> On 09/08/2011 11:11 PM, Andrew Bartlett wrote:
>>>> On Thu, 2011-09-08 at 16:56 -0400, Adam Tauno Williams wrote:
>>>>> Gotcha. And it goes much further. Are users with the same name as
>>>>> groups an issue? There is only one uid=bie object in the LDAPSAM.
>>>> Users with the same name as groups have always been prohibited in
>>>> Windows, even with NT4. I'm not sure there is anything we can do except
>>>> fail here, but I'm open to suggestions.
>>> Document it?
>> It is reasonably well documented [I knew about it]. That is just an
>> NT/Windows thing. Anyone managing Windows should already know about
>> that [from the Microsoft documentation], IMO. The only real issue
>> regarding that is that S3 LDAPSAM was pretty fast-and-loose with
>> enforcing rules. Does S3 LDAPSAM even use the "cn" attribute as the
>> group name? It appears to use the "description" attribute in most
>> places [at least that is what appears on the screen when looking at a
>> security descriptor].
> Indeed it does use "description" as the name of at least the group
> and that value is case-insensitive [again, obvious in hindsight].
Nope, my bad. The attribute that needs to be case-insensitive unique
is "displayName".